Rud*_*lik 2 python django permissions mixins user-permissions
视图.py
class templateList(PermissionRequiredMixin, TemplateView):
permission_required = 'accounts.template_all'
def get(self, request, *args, **kwargs):
#view logic
print(self.request.user.has_perms('accounts.template_all'))
return render(request, template_name, context)
帐户/模型.py
class User(AbstractBaseUser, PermissionsMixin):
# some fields here
class Meta:
verbose_name = _('user')
verbose_name_plural = _('users')
permissions = (
("template_all", "access to all templates"),
)
视图名称.___mro____
(<class 'template.views.templateList'>, <class 'django.contrib.auth.mixins.PermissionRequiredMixin'>, <class 'django.contrib.auth.mixins.AccessMixin'>, <class 'django.views.generic.base.TemplateView'>, <class 'django.views.generic.base.TemplateResponseMixin'>, <class 'django.views.generic.base.ContextMixin'>, <class 'django.views.generic.base.View'>, <class 'object'>)
self.request.user.has_perms('accounts.template_all')在 views.py 中返回正确的布尔值,但是self.has_permission()每次都返回 True。permission_required没有效果,即使打印返回 false,用户仍然可以看到页面。self.get_permission_requiredalos 返回正确的值。帮助表示赞赏。
总之:在PermissionRequiredMixin基类应该放在之前的TemplateView基类,使得MRO(方法解析顺序)是正确的,并调度点的倍率PermissionRequiredMixin。
APermissionRequiredMixin修补dispatch(..)方法(它添加了一个额外的检查,以查看用户是否具有适当的权限)。然而,在这里您已按顺序放置子类,从而导致dispatch(..)函数是View类中的函数。
事实上,如果我们看看 MRO,我们会看到:
>>> ViewName.__mro__
(<class 'ViewName'>, <class 'django.views.generic.base.TemplateView'>, <class 'django.views.generic.base.TemplateResponseMixin'>, <class 'django.views.generic.base.ContextMixin'>, <class 'django.views.generic.base.View'>, <class 'django.contrib.auth.mixins.PermissionRequiredMixin'>, <class 'django.contrib.auth.mixins.AccessMixin'>, <class 'object'>)如果我们查看调用时调用的方法.dispatch(..),我们会看到:
>>> ViewName.dispatch
<function View.dispatch at 0x7f169e8f6620>
为了让mixin覆盖原来的.dispatch(..)函数,我们需要先把它放在基类中,比如:
# PermissionRequiredMixin is put before TemplateView
class ViewName(PermissionRequiredMixin, TemplateView):
permission_required = 'accounts.action_all'
# ...然后我们看到:
>>> ViewName.__mro__
(<class 'ViewName'>, <class 'django.contrib.auth.mixins.PermissionRequiredMixin'>, <class 'django.contrib.auth.mixins.AccessMixin'>, <class 'django.views.generic.base.TemplateView'>, <class 'django.views.generic.base.TemplateResponseMixin'>, <class 'django.views.generic.base.ContextMixin'>, <class 'django.views.generic.base.View'>, <class 'object'>)
>>> ViewName.dispatch
<function PermissionRequiredMixin.dispatch at 0x7f168b41d620>| 归档时间: |
|
| 查看次数: |
4034 次 |
| 最近记录: |